On Fri, 27 Jan 2023 12:07:32 -0500 Mike Gulick <mgul...@mathworks.com> wrote:
> Package: systemd
> Version: 247.3-7+deb11u1
> Severity: normal
> X-Debbugs-Cc: mgul...@mathworks.com
> 
> Dear Maintainer,
> 
> Systemd creates a few users and groups on first boot via systemd-sysusers
> (e.g. systemd-timesync, systemd-coredump).  These users are created with UIDs
> and GIDs starting from 999, working downwards.  However systemd still creates
> users in this range even when SYS_UID_{MIN,MAX} and SYS_GID_{MIN,MAX} are set in
> /etc/login.defs (as well as the relevant settings in /etc/adduser.conf).
> Starting with systemd 247, systemd does provide an option to respect
> /etc/login.defs for auto-generated UIDs, however that feature must be enabled
> via the compile-time option '-Dcompat-mutable-uid-boundaries=true', which Debian
> does not currently do.  This feature was added to systemd via this pull request:
> https://github.com/systemd/systemd/pull/17172.
> 
> At my organization, we have some unix accounts that are > 20 years old, and some
> of the old UIDs and GIDs are in the 100-999 range.  These can't be easily
> renumbered as this would cause NFS permission issues (there are *many* file
> servers).  To work around this, we configure our systems to use a higher ID
> range (30000) for system UIDs and GIDs, however systemd on Debian does not
> currently respect this configuration.  It's easy enough to renumber these
> auto-created accounts since there aren't many and they don't own any files in
> the filesystem, but it would be nice if systemd created them with the right
> UID/GID in the first place.
> 
> FYI I looked at the rpm SPEC for RHEL9 and it looks like it has this feature
> enabled, so that gives some confidence that it is stable.
> 
> Thanks,
> Mike

This is very much a legacy compat feature flag, and in general I'd like
to remove as many of these as possible, rather than adding them...
Michael, what do you think?

-- 
Kind regards,
Luca Boccassi
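
Added example, not part of the original thread and not systemd or Debian code: a Python check that compares systemd-created accounts against the SYS_UID/SYS_GID range configured in /etc/login.defs, which is the mismatch the report describes. The file contents, the 30999 upper bound, the function names and the "systemd-" name prefix filter are assumptions made for illustration.

```python
# Added example: flag systemd-created accounts whose IDs fall outside the
# SYS_UID/SYS_GID range set in /etc/login.defs. All sample data is constructed.

SAMPLE_LOGIN_DEFS = """\
# constructed sample; 30000 is the range start from the report, 30999 is assumed
SYS_UID_MIN  30000
SYS_UID_MAX  30999
SYS_GID_MIN  30000
SYS_GID_MAX  30999
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
systemd-timesync:x:999:999::/:/usr/sbin/nologin
systemd-coredump:x:30001:30001::/:/usr/sbin/nologin
"""
SAMPLE_GROUP = "root:x:0:\nsystemd-timesync:x:999:\nsystemd-coredump:x:30001:\n"

def parse_login_defs(text):
    """Return {KEY: int} for integer-valued settings; comments are ignored."""
    settings = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].isdigit():
            settings[fields[0]] = int(fields[1])
    return settings

def out_of_range(db_text, settings, kind, prefix="systemd-"):
    """kind is "UID" for passwd text or "GID" for group text.

    Returns sorted (name, id) pairs for entries whose name starts with
    prefix (an assumed naming convention) and whose id is outside the range.
    """
    lo, hi = settings.get(f"SYS_{kind}_MIN"), settings.get(f"SYS_{kind}_MAX")
    if lo is None or hi is None:
        return []  # range not configured, nothing to compare against
    found = []
    for line in db_text.splitlines():
        parts = line.split(":")  # both files use name:password:id:...
        if len(parts) >= 3 and parts[0].startswith(prefix) and parts[2].isdigit():
            if not lo <= int(parts[2]) <= hi:
                found.append((parts[0], int(parts[2])))
    return sorted(found)

if __name__ == "__main__":
    defs = parse_login_defs(SAMPLE_LOGIN_DEFS)
    for kind, db in (("UID", SAMPLE_PASSWD), ("GID", SAMPLE_GROUP)):
        for name, ident in out_of_range(db, defs, kind):
            print(f"{name}: {kind} {ident} is outside the configured system range")
```

To audit a real host, pass the contents of /etc/login.defs, /etc/passwd and /etc/group in place of the constructed samples.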
